Encryption is primarily used to safeguard the contents of a message so that only the intended recipient can read it. This is done by replacing the contents with unrecognizable data, which can only be understood by the intended recipient. This is how encryption became a method to protect data from those who might want to steal it.
Encryption can be used in two situations.
- Encryption in Transit
- Encryption at Rest (EAR)
Encryption in Transit
This refers to data that is encrypted when it is in transit, including from your browser to the web server and to other third parties via integrations. Encrypting data in transit protects your data from man-in-the-middle attacks. Learn more about Encryption in Transit.
Encryption at Rest
This refers to data that is encrypted when it is stored (not moving), either on a disk, in a database, or on some other form of media. In addition to encryption of data during transit, encryption of data when it is stored in the servers provides an even higher level of security. EAR protects against any possible data leak due to server compromise or unauthorized access.
Encryption is done at the application layer using AES-256, a symmetric encryption algorithm that uses 128-bit blocks and 256-bit keys. The key used to convert the data from plain text to cipher text is called the Data Encryption Key (DEK). The DEK is further encrypted using the Key Encryption Key (KEK), providing yet another layer of security. The keys are generated and maintained by our in-house Key Management Service (KMS). Learn more about our KMS.
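The DEK/KEK layering described above, as an added Node.js example; it is not the product's or its KMS's code. AES-256-GCM, the nonce || tag || ciphertext layout, the in-process KEK and all function names are assumptions, and `rotateKek` goes one step beyond the page to show that changing the KEK only re-wraps the DEK.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Assumption: GCM mode. The page names AES-256 but not the mode of operation.
const ALG = 'aes-256-gcm';

// seal() returns nonce (12 bytes) || auth tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const nonce = randomBytes(12); // fresh nonce for every encryption
  const c = createCipheriv(ALG, key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// open() reverses seal() and throws if the key is wrong or any byte was changed.
function open(key, sealed) {
  if (sealed.length < 28) throw new Error('sealed value too short');
  const d = createDecipheriv(ALG, key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// Encrypt one field value under a fresh 256-bit DEK, then wrap the DEK under the KEK.
// Only the wrapped DEK and the ciphertext are stored; the plaintext DEK is not.
function encryptField(kek, value) {
  const dek = randomBytes(32);
  return { wrappedDek: seal(kek, dek), ciphertext: seal(dek, Buffer.from(value, 'utf8')) };
}

// Unwrap the DEK with the KEK, then decrypt the field with the DEK.
function decryptField(kek, record) {
  const dek = open(kek, record.wrappedDek);
  return open(dek, record.ciphertext).toString('utf8');
}

// KEK rotation re-wraps the DEK only; the field ciphertext is left untouched.
function rotateKek(oldKek, newKek, record) {
  const dek = open(oldKek, record.wrappedDek);
  return { wrappedDek: seal(newKek, dek), ciphertext: record.ciphertext };
}

// Constructed demo values; this KEK stands in for one held by a KMS.
const kek = randomBytes(32);
const rec = encryptField(kek, 'jane@example.com');
console.log(decryptField(kek, rec)); // jane@example.com
```

A stored record is useless without the KEK: decrypting with a different KEK, or after any byte of the record has been altered, throws instead of returning data.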
Enabling Encryption
To enable encryption for a field:
- Navigate to Setup > Customization > Module and Fields.
  Only users with the profile Administrator will have this option.
- Click the module whose fields you want to encrypt.
- For the field you want to encrypt, select the Encrypt data checkbox.
- Save the changes.
Fields and Features Supported
- Data encryption is available for all standard modules.
- The field types supported for encryption are Date, Date Time, Single Line, Multi Line (small), Email, Phone, and Currency.
- Encrypted field values can be used in APIs.
- You can use encrypted fields in integrations.
- You can disable the encryption for a field at any time.
- The data imported to encrypted fields will also be encrypted. The data that is exported from these fields will be decrypted.
- Encrypted field values will be displayed in Reports.
- File encryption is supported for all the attachments added to FSM.
Restrictions
- Encryption will not be allowed for the Display Field of each module.
  | Module | Display Field |
  | --- | --- |
  | Contacts | Full Name (First Name & Last Name) |
  | Companies | Company Name |
  | Services And Parts | Part Name |
  | Assets | Asset Name |
- Only two system-defined fields can be encrypted in a module.
- Only five user-defined fields can be encrypted in a module.
- If a Single Line, Multi Line (small), or Phone field is encrypted, the only conditions supported in Workflow rule criteria and Advanced Search are "is empty" and "is not empty".
- If a Currency field is encrypted, the conditions supported in Workflow rule criteria and Advanced Search are "is empty", "is not empty", "=", and "!=".
- Encryption cannot be applied to fields to which any of the below conditions have been applied in workflows and reports:
  between, not between, contains, doesn't contain, starts with, ends with, is, isn't
- Encrypted fields can be used in Advanced filters but without the following conditions:
  between, not between, contains, doesn't contain, starts with, ends with, is, isn't